When you are authenticating clients to a wireless network, two processes are available. The first, known as open system authentication, is used in situations where you want to make your network available to a wide range of clients. This type of authentication occurs when an authentication frame is sent from a client to an access point. When the access point receives the frame, it verifies its SSID, and if it’s correct the access point sends a verification frame back to the client, allowing the connection to be made.
The second process is known as shared key authentication. In this process, each client receives the key ahead of time and then can connect to the network as needed.
This is how shared key authentication works:
1. The client sends an authentication request to the access point.
2. The access point returns a challenge to the client.
3. The client encrypts the challenge using the shared key it is configured with.
4. The access point uses the same shared key to decrypt the challenge; if the responses match, then the client is validated and is given access to the network.